| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix memory ordering between normal and ordered work functions\n\nOrdered work functions aren't guaranteed to be handled by the same thread\nwhich executed the normal work functions. The only way execution between\nnormal/ordered functions is synchronized is via the WORK_DONE_BIT,\nunfortunately the used bitops don't guarantee any ordering whatsoever.\n\nThis manifested as seemingly inexplicable crashes on ARM64, where\nasync_chunk::inode is seen as non-null in async_cow_submit which causes\nsubmit_compressed_extents to be called and crash occurs because\nasync_chunk::inode suddenly became NULL. The call trace was similar to:\n\n pc : submit_compressed_extents+0x38/0x3d0\n lr : async_cow_submit+0x50/0xd0\n sp : ffff800015d4bc20\n\n <registers omitted for brevity>\n\n Call trace:\n submit_compressed_extents+0x38/0x3d0\n async_cow_submit+0x50/0xd0\n run_ordered_work+0xc8/0x280\n btrfs_work_helper+0x98/0x250\n process_one_work+0x1f0/0x4ac\n worker_thread+0x188/0x504\n kthread+0x110/0x114\n ret_from_fork+0x10/0x18\n\nFix this by adding respective barrier calls which ensure that all\naccesses preceding setting of WORK_DONE_BIT are strictly ordered before\nsetting the flag. At the same time add a read barrier after reading of\nWORK_DONE_BIT in run_ordered_work which ensures all subsequent loads\nwould be strictly ordered after reading the bit. This in turn ensures\nare all accesses before WORK_DONE_BIT are going to be strictly ordered\nbefore any access that can occur in ordered_func." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "fs/btrfs/async-thread.c" |
| ], |
| "versions": [ |
| { |
| "version": "08a9ff3264181986d1d692a4e6fce3669700c9f8", |
| "lessThan": "bd660a20fea3ec60a49709ef5360f145ec0fe779", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "08a9ff3264181986d1d692a4e6fce3669700c9f8", |
| "lessThan": "637d652d351fd4f263ef302dc52f3971d314e500", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "08a9ff3264181986d1d692a4e6fce3669700c9f8", |
| "lessThan": "804a9d239ae9cbe88e861a7cd62319cc6ec7b136", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "08a9ff3264181986d1d692a4e6fce3669700c9f8", |
| "lessThan": "ed058d735a70f4b063323f1a7bb33cda0f987513", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "08a9ff3264181986d1d692a4e6fce3669700c9f8", |
| "lessThan": "670f6b3867c8f0f11e5097f353b164cecfec6179", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "08a9ff3264181986d1d692a4e6fce3669700c9f8", |
| "lessThan": "6adbc07ebcaf8bead08b21687d49e0fc94400987", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "08a9ff3264181986d1d692a4e6fce3669700c9f8", |
| "lessThan": "47e6f9f69153247109042010f3a77579e9dc61ff", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "08a9ff3264181986d1d692a4e6fce3669700c9f8", |
| "lessThan": "45da9c1767ac31857df572f0a909fbe88fd5a7e9", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "fs/btrfs/async-thread.c" |
| ], |
| "versions": [ |
| { |
| "version": "3.15", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "3.15", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.4.293", |
| "lessThanOrEqual": "4.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.9.291", |
| "lessThanOrEqual": "4.9.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.14.256", |
| "lessThanOrEqual": "4.14.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.19.218", |
| "lessThanOrEqual": "4.19.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.162", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.82", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.5", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.16", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.15", |
| "versionEndExcluding": "4.4.293" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.15", |
| "versionEndExcluding": "4.9.291" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.15", |
| "versionEndExcluding": "4.14.256" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.15", |
| "versionEndExcluding": "4.19.218" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.15", |
| "versionEndExcluding": "5.4.162" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.15", |
| "versionEndExcluding": "5.10.82" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.15", |
| "versionEndExcluding": "5.15.5" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.15", |
| "versionEndExcluding": "5.16" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/bd660a20fea3ec60a49709ef5360f145ec0fe779" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/637d652d351fd4f263ef302dc52f3971d314e500" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/804a9d239ae9cbe88e861a7cd62319cc6ec7b136" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/ed058d735a70f4b063323f1a7bb33cda0f987513" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/670f6b3867c8f0f11e5097f353b164cecfec6179" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/6adbc07ebcaf8bead08b21687d49e0fc94400987" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/47e6f9f69153247109042010f3a77579e9dc61ff" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/45da9c1767ac31857df572f0a909fbe88fd5a7e9" |
| } |
| ], |
| "title": "btrfs: fix memory ordering between normal and ordered work functions", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2021-47189", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
